Resumo da vaga

Senior Security Engineer (Red Team)

Requisitos e responsabilidades

Conteúdo da vaga extraído em seções para revisão mais rápida.

What you’ll do

  • Design and execute red team operations against Pindrop’s GenAI systems, LLM pipelines, RAG architectures, autonomous agents, APIs, SaaS products, and cloud environments, simulating real-world attacks across both traditional and AI-specific attack surfaces.
  • Conduct adversarial testing focused on prompt injection, indirect prompt attacks, jailbreaking, model extraction, training-data poisoning, data leakage, inference abuse, and unauthorized output manipulation.
  • Use deepfake generation, voice synthesis, and related spoofing techniques to test and attempt to defeat Pindrop’s voice authentication and deepfake detection capabilities, helping identify model robustness and detection gaps.
  • Develop novel attack chains that combine GenAI vulnerabilities with infrastructure, application, identity, and API weaknesses to create realistic end-to-end threat scenarios.
  • Plan and execute full-scope penetration tests and support bug bounty efforts across Pindrop’s web applications, APIs, SaaS products, and AWS/GCP environments using commercial and open-source offensive tooling.
  • Perform architecture reviews, security code reviews, and threat modeling with emphasis on vulnerabilities introduced by AI/ML components, model integrations, and LLM-facing services.
  • Build automation for offensive security workflows, testing, compliance checks, alerting, and reporting using Python or similar scripting languages, including AI-native attack tooling where useful.
  • Partner closely with SecOps and security engineering to improve detections, tune response workflows, and translate red team findings into practical remediation and defensive improvements.
  • Stay current on GenAI security research, adversarial ML techniques, evolving threat intelligence, and relevant regulatory developments, then apply those insights to Pindrop’s security program.

Who you are

  • You are an adversarial thinker who approaches security from an attacker’s perspective and brings the creativity, rigor, and curiosity to prove it.
  • You have genuine hands-on experience attacking AI systems, not just reading about them, and you enjoy breaking assumptions that others consider safe.
  • You continuously look for automation and AI-powered efficiencies in offensive security workflows.
  • You communicate clearly and can translate technical findings into prioritized, actionable guidance for technical and executive audiences alike.
  • You work independently and thrive in ambiguous, fast-moving environments with minimal supervision.
  • You are resilient, optimistic, accountable, and adaptable when priorities shift.

Your skill-set

  • 3+ years of hands-on penetration testing and red team experience across SaaS applications, cloud infrastructure, APIs, and web applications.
  • Demonstrable experience attacking GenAI or LLM-based systems, including prompt injection, jailbreaking, indirect prompt attacks, model extraction, or adversarial input generation.
  • Hands-on experience with deepfake tools, voice synthesis, or audio/visual spoofing technologies in an offensive or research context.
  • Strong proficiency with offensive security tooling such as Burp Suite, OWASP ZAP, Nmap, Metasploit, Cobalt Strike, or equivalent frameworks.
  • Experience configuring and operating SAST and DAST tools and integrating them into CI/CD pipelines.
  • Proficiency in at least one scripting or programming language, with Python strongly preferred, for custom attack tooling and workflow automation.
  • Familiarity with AI-specialized security tools or frameworks such as Garak, PyRIT, Claude Security, or similar adversarial ML tooling.
  • Strong understanding of cloud security architecture, container security, API security, and common security standards including ISO 27001/27002, NIST, CIS, PCI DSS, OWASP, and SOC 2.

Your skill-set

  • Prior software development or secure architecture experience, including the ability to reason about production code across multiple languages.
  • Research, publication, or deep practitioner background in adversarial machine learning, LLM security, or voice/audio deepfake detection.
  • Relevant certifications such as OSCP, GPEN, GWAPT, GXPN, CEH, or equivalent.
  • Prior experience in voice biometrics, AI security, fraud prevention, or similarly high-risk product environments.

What we offer

  • Competitive compensation package, including RSUs (Restricted Stock Units) for all employees, so everyone shares in our long-term success.
  • Remote-first environment - giving you flexibility and autonomy in how you structure your day.
  • While we work flexibly, we prioritize meaningful in-person moments through regular team on-sites, company-wide events, and intentional gatherings that foster connection, collaboration, and shared success.
  • Unlimited Paid Time Off (PTO)
  • Generous health and welfare plans to choose from - including one employer-paid “employee-only” plan!
  • Best-in-class Health Savings Account (HSA) employer contribution
  • Low-cost vision and dental plans for you and your family, providing comprehensive coverage and peace of mind.
  • Paid Parental Leave - Including birth, adoptive & foster parents
  • One year of diaper delivery for your newest addition to the family! It’s our way of welcoming new Pindroplets to the family!
  • Recurring monthly phone and internet allowance to help cover essential connectivity costs and support flexible work.
  • Enhanced fertility and GLP-1 benefits to support family-building journeys and personalized health needs.
  • Annual Learning & Development stipend to support your professional growth, skill-building, certifications, and continued education.

Details

  • One year of diaper delivery for your newest addition to the family! It’s our way of welcoming new Pindroplets to the family!
Vagas similares

Mantenha uma lista reserva.

Ver stack
FocoRed Team OperationsÁrea da vaga
Sinal de senioridadeSeniorNível do candidato
StackAWS, CI/CD, GCPSkills principais
Localização1 país aceitoElegibilidade

Stack

Use estas tags para comparar vagas remotas similares.

Elegibilidade de localização

Candidatos devem aplicar apenas quando o país do perfil estiver listado aqui.

Seu perfilPaís não definidoEntre para comparar seu país com esta vaga.

Fluxo de contratação

O WithMira mostra a vaga e depois envia candidatos para a aplicação da empresa.

1Confira fit da vaga, stack e elegibilidade de localização no WithMira.
2Abra a página de aplicação da empresa pelo link rastreado.
3Salve a vaga ou assine oportunidades similares antes de sair.
Aplicar no site da empresaSite da empresaAbrir link